Собсно на днях выскочил такой косяк в работе ДНС, доставшегося мне "по наследству".
Лог мастера:
May 11 11:08:25.050 client 195.5.18.12#48143: zone transfer 'dc.dn.ua/IN' denied
May 11 11:08:26.030 client 195.5.18.12#48144: zone transfer 'dc.donetsk.ua/IN' denied
May 11 11:10:00.053 client 195.5.18.12#48175: zone transfer 'dn.ukrtelecom.ua/IN' denied
May 11 11:10:06.168 client 195.5.18.12#48180: zone transfer 'dc.ukrtel.net/IN' denied
Лог слейва (195.5.18.12):
May 11 11:08:25.551 transfer of 'dc.dn.ua/IN' from 195.5.18.2#53: failed while receiving responses: REFUSED
May 11 11:08:25.552 transfer of 'dc.dn.ua/IN' from 195.5.18.2#53: end of transfer
May 11 11:08:26.531 transfer of 'dc.donetsk.ua/IN' from 195.5.18.2#53: failed while receiving responses: REFUSED
May 11 11:08:26.531 transfer of 'dc.donetsk.ua/IN' from 195.5.18.2#53: end of transfer
May 11 11:10:00.552 transfer of 'dn.ukrtelecom.ua/IN' from 195.5.18.2#53: failed while receiving responses: REFUSED
May 11 11:10:00.552 transfer of 'dn.ukrtelecom.ua/IN' from 195.5.18.2#53: end of transfer
May 11 11:10:06.668 transfer of 'dc.ukrtel.net/IN' from 195.5.18.2#53: failed while receiving responses: REFUSED
May 11 11:10:06.668 transfer of 'dc.ukrtel.net/IN' from 195.5.18.2#53: end of transfer
Проверка AXFR через dig на 127.0.0.1:
# dig @127.0.0.1 dc.ukrtel.net axfr
; <<>> DiG 9.2.2-P3 <<>> @127.0.0.1 dc.ukrtel.net axfr
;; global options: printcmd
; Transfer failed.
[root@ns etc]# dig @127.0.0.1 dc.dn.ua axfr
; <<>> DiG 9.2.2-P3 <<>> @127.0.0.1 dc.dn.ua axfr
;; global options: printcmd
; Transfer failed.
named.conf мастера (195.5.18.2):
// Catch-all ACL: 0/0 is the zero-length IPv4 prefix, so every IPv4 source matches.
// NOTE(review): BIND's predefined "any" ACL serves the same purpose; a custom
// name such as "all" is easy to misread in allow-* lists.
acl all {
    0/0;
};
// Networks this server treats as its own: client ranges, followed by the two
// upstream Ukrtel Kyiv name servers it forwards to.
// NOTE(review): options{} uses this ACL for allow-transfer as well as
// allow-query, so every range listed here can request AXFR of any zone that has
// no allow-transfer of its own. Confirm that is intended.
acl my_network {
    91.124/16;
    195.5.15/24;
    195.5.18/23;
    195.5.20/23;
    195.5.26/24;
    195.5.55/24;
    195.5.3/24;
    // The next line is the poster's elision marker ("a bunch of client
    // networks"), not named.conf syntax.
<<куча клиентских сетей>>
    // Upstream Ukrtel Kyiv name servers (forwarding targets).
    195.5.6.10;
    213.179.249.150;
};
// Hosts and ranges allowed to pull zones through the global allow-transfer in
// options{}. 195.5.18/23 covers the slave 195.5.18.12, but that only helps for
// zones that do not declare their own allow-transfer.
// NOTE(review): whole /23 and /24 ranges are granted AXFR here. Listing the
// individual secondary addresses (or TSIG keys) would narrow the exposure.
acl secondaries {
    195.5.18/23;
    195.5.20/23;
    195.5.55/24;
    213.179.246/23;
    213.179.253/24;
    82.207.12.0/23;
    82.207.14.0/23;
    82.207.50.0/23;
    82.207.87.0/23;
    194.44.58.65;
    194.145.216.1;      // also covered by 194.145.216/23 further down
    194.44.58.71;
    195.5.6.10;
    195.39.210.54;
    195.58.224.33;
    195.184.219.18;
    195.184.219.19;
    193.220.71.18;
    194.145.216/23;
    193.110.112.2;
    193.110.112.3;
    195.184.200.193;
    // Interfaces of r4.dgtu.donetsk.ua.
    194.44.183.214;
    194.44.183.194;
};
//-------------------------------------------
// Everything except lame-server reports goes to one timestamped file.
// The "zone transfer ... denied" lines quoted from the master log arrive
// through the default category.
// NOTE(review): print-category and print-severity on the channel would make
// security-relevant lines (denied transfers, refused queries) easier to filter.
logging {
    channel my_channel {
        file "/var/log/named.log";
        print-time yes;
    };
    category default { my_channel; };
    category lame-servers { null; };    // discard lame-server messages
};
//-------------------------------------------
// Server-wide defaults. A zone that declares its own allow-query or
// allow-transfer uses that list INSTEAD of the one given here.
options {
    directory "/var/named";

    // Default query ACL for zones without their own allow-query.
    allow-query { my_network; secondaries; };

    // Default transfer ACL for zones without their own allow-transfer.
    // NOTE(review): my_network holds all client ranges, so any client can AXFR
    // such zones. Confirm this is intended, or restrict to secondaries.
    allow-transfer { 127.0.0.1; my_network; secondaries; };

    recursive-clients 20000;

    // No NOTIFY is sent, so secondaries learn of changes only on SOA refresh.
    notify no;
    transfer-format many-answers;
    // additional-from-cache no;

    // NOTE(review): 195.5.18.12 is listed as a forwarder, while the slave
    // configuration shown further down forwards to 195.5.18.2. If those are
    // these two servers, they forward to each other. Confirm this cannot loop.
    forwarders {
        //------ns.ukrtel.net---------
        195.5.6.10;
        213.179.249.150;
        195.5.18.12;
    };
};
// Loopback reverse zone. It is answered for everyone, and it is the only master
// zone in this listing whose allow-transfer names the slave 195.5.18.12.
// NOTE(review): a loopback reverse zone is normally defined locally on each
// server; confirm it needs to be transferable at all.
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "db.127.0.0";
    allow-query { all; };
    allow-transfer {
        195.5.18.2;
        195.5.18.12;
        195.5.6.10;
    };
};
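// Master copy of dc.ukrtel.net.
// A zone-level allow-transfer replaces the global one from options{} rather
// than extending it, so every secondary must be named here. The slave
// 195.5.18.12 was missing: the master logged that as
// "zone transfer 'dc.ukrtel.net/IN' denied" and the slave saw REFUSED.
// 127.0.0.1 is not added. If the dig test was run on this server, a local
// "dig @127.0.0.1 ... axfr" keeps failing until loopback is listed as well.
// NOTE(review): these are source-address checks only. A TSIG key entry in
// allow-transfer is the stronger control for zone transfers.
zone "dc.ukrtel.net" {
    type master;
    file "db.dc.ukrtel.net";
    allow-query { my_network; };
    allow-transfer {
        195.5.18.2;         // the address the slave lists in masters{}
        195.5.18.12;        // slave whose requests were denied in the log
        195.5.6.10;
        213.179.249.150;
    };
};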
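// Master copy of dc.donetsk.ua.
// A zone-level allow-transfer replaces the global one from options{} rather
// than extending it, so every secondary must be named here. The slave
// 195.5.18.12 was missing: the master logged that as
// "zone transfer 'dc.donetsk.ua/IN' denied" and the slave saw REFUSED.
// NOTE(review): these are source-address checks only. A TSIG key entry in
// allow-transfer is the stronger control for zone transfers.
zone "dc.donetsk.ua" {
    type master;
    file "db.dc.donetsk.ua";
    allow-query { my_network; };
    allow-transfer {
        195.5.18.2;         // the address the slave lists in masters{}
        195.5.18.12;        // slave whose requests were denied in the log
        195.5.6.10;
        213.179.249.150;
    };
};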
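// Master copy of dc.dn.ua.
// A zone-level allow-transfer replaces the global one from options{} rather
// than extending it, so every secondary must be named here. The slave
// 195.5.18.12 was missing: the master logged that as
// "zone transfer 'dc.dn.ua/IN' denied" and the slave saw REFUSED.
// NOTE(review): these are source-address checks only. A TSIG key entry in
// allow-transfer is the stronger control for zone transfers.
zone "dc.dn.ua" {
    type master;
    file "db.dc.dn.ua";
    allow-query { my_network; };
    allow-transfer {
        195.5.18.2;         // the address the slave lists in masters{}
        195.5.18.12;        // slave whose requests were denied in the log
        195.5.6.10;
        213.179.249.150;
    };
};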
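// Master copy of dn.ukrtelecom.ua.
// A zone-level allow-transfer replaces the global one from options{} rather
// than extending it, so every secondary must be named here. The slave
// 195.5.18.12 was missing: the master logged that as
// "zone transfer 'dn.ukrtelecom.ua/IN' denied" and the slave saw REFUSED.
// NOTE(review): these are source-address checks only. A TSIG key entry in
// allow-transfer is the stronger control for zone transfers.
zone "dn.ukrtelecom.ua" {
    type master;
    file "db.dn.ukrtelecom.ua";
    allow-query { my_network; };
    allow-transfer {
        195.5.18.2;         // the address the slave lists in masters{}
        195.5.18.12;        // slave whose requests were denied in the log
        195.5.6.10;
        213.179.249.150;
    };
};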
// Master copy of donetsk.ukrtelecom.ua.
// This zone-level allow-transfer replaces the global list from options{}.
// NOTE(review): the slave 195.5.18.12 is not listed, but no slave zone or log
// line for this name appears in the post. If 195.5.18.12 is meant to carry the
// zone, it has to be added here, as with the other zones.
zone "donetsk.ukrtelecom.ua" {
    type master;
    file "db.donetsk.ukrtelecom.ua";
    allow-query { my_network; };
    allow-transfer {
        195.5.18.2;
        195.5.6.10;
        213.179.249.150;
    };
};
<<ниже идут клиентские зоны>>
named.conf слейва (195.5.18.12):
// Catch-all ACL: 0/0 is the zero-length IPv4 prefix, so every IPv4 source matches.
// NOTE(review): BIND's predefined "any" ACL serves the same purpose.
acl all {
    0/0;
};
// Provider address ranges. options{} uses this list as the server-wide
// allow-query, and it is nested inside the "secondaries" ACL.
acl telekom {
    195.5.18/23;
    195.5.20/23;
    195.5.26/24;
    195.5.55.0/24;
    195.5.3.0/24;
    213.179.245.0/24;
    213.179.246/23;
    213.179.253/24;
    82.207.12.0/23;
    82.207.14.0/23;
    82.207.51.0/24;
    82.207.101.155/32;
    82.207.87.0/23;
    92.112.0.0/16;
    92.113.0.0/16;
    195.39.210.54;
};
// Individual external hosts, plus one /24. Nested inside the "secondaries" ACL.
acl allowed {
    195.58.224.33;
    195.58.224.34;
    194.44.58.65;
    194.44.58.71;
    195.5.6.10;
    193.220.71.18;      // also covered by 193.220.71.0/24 below
    194.44.183.214;
    194.44.183.194;
    195.184.192.18;
    193.220.71.0/24;
    195.39.210.54;      // also present in acl telekom
};
// Everything except lame-server reports goes to one timestamped file.
// The "failed while receiving responses: REFUSED" lines quoted from the slave
// log arrive through the default category.
logging {
    channel my_channel {
        file "/var/log/named.log";
        print-time yes;
    };
    category default { my_channel; };
    category lame-servers { null; };    // discard lame-server messages
};
// Union of the two ACLs above, used as the server-wide allow-transfer.
// NOTE(review): through "telekom" this grants AXFR to entire provider ranges
// (including two /16s) for every zone without its own allow-transfer. Narrow it
// to the hosts that actually act as secondaries.
acl secondaries {
    telekom;
    allowed;
};
// Server-wide defaults. A zone that declares its own allow-query or
// allow-transfer uses that list INSTEAD of the one given here.
options {
    directory "/var/named";

    allow-query { telekom; };
    allow-transfer { secondaries; };
    recursive-clients 2000;

    // All forwarded queries go to 195.5.18.2, the same address the slave zones
    // use as their master.
    // NOTE(review): the master listing has 195.5.18.12 among its forwarders.
    // Confirm the two servers cannot forward the same query back and forth.
    forwarders {
        195.5.18.2;
    };

    notify no;
    // additional-from-cache no;
};
// Slave copy of dc.ukrtel.net, pulled from 195.5.18.2 and answered for everyone.
// NOTE(review): allow-transfer here controls who may pull the zone FROM this
// slave. It has no effect on the inbound transfer that is being REFUSED; that
// is decided by the master's allow-transfer. Naming the master here only lets
// it transfer the zone back; "allow-transfer { none; };" is the tighter setting
// if nobody pulls from this server.
// NOTE(review): the master is trusted by IP address alone. A TSIG key on the
// transfer would authenticate it.
zone "dc.ukrtel.net" {
    type slave;
    masters { 195.5.18.2; };
    file "db.dc.ukrtel.net";
    allow-query { all; };
    allow-transfer { 195.5.18.2; };
};
// Slave copy of dc.donetsk.ua, pulled from 195.5.18.2 and answered for everyone.
// NOTE(review): allow-transfer here controls who may pull the zone FROM this
// slave; the REFUSED inbound transfer is decided by the master's allow-transfer.
zone "dc.donetsk.ua" {
    type slave;
    masters { 195.5.18.2; };
    file "db.dc.donetsk.ua";
    allow-query { all; };
    allow-transfer { 195.5.18.2; };
};
// Slave copy of dc.dn.ua, pulled from 195.5.18.2 and answered for everyone.
// NOTE(review): allow-transfer here controls who may pull the zone FROM this
// slave; the REFUSED inbound transfer is decided by the master's allow-transfer.
zone "dc.dn.ua" {
    type slave;
    masters { 195.5.18.2; };
    file "db.dc.dn.ua";
    allow-query { all; };
    allow-transfer { 195.5.18.2; };
};
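// NOTE(review): second definition of "dc.donetsk.ua". The same zone is already
// declared earlier in this listing with identical settings. named rejects a
// configuration that defines one zone twice in the same view (named-checkconf
// reports it), so the repeat is disabled here. It is probably a paste artifact.
// The master also serves "donetsk.ukrtelecom.ua", which has no slave zone in
// this listing; confirm whether this block was meant to be that zone.
// zone "dc.donetsk.ua" {
//     type slave;
//     file "db.dc.donetsk.ua";
//     allow-query { all; };
//     allow-transfer { 195.5.18.2; };
//     masters {
//         195.5.18.2;
//     };
// };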
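// NOTE(review): second definition of "dc.dn.ua". The same zone is already
// declared earlier in this listing with identical settings. named rejects a
// configuration that defines one zone twice in the same view (named-checkconf
// reports it), so the repeat is disabled here. It is probably a paste artifact;
// confirm against the real file.
// zone "dc.dn.ua" {
//     type slave;
//     file "db.dc.dn.ua";
//     allow-query { all; };
//     allow-transfer { 195.5.18.2; };
//     masters {
//         195.5.18.2;
//     };
// };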
// Slave copy of dn.ukrtelecom.ua, pulled from 195.5.18.2 and answered for everyone.
// NOTE(review): allow-transfer here controls who may pull the zone FROM this
// slave; the REFUSED inbound transfer is decided by the master's allow-transfer.
zone "dn.ukrtelecom.ua" {
    type slave;
    masters { 195.5.18.2; };
    file "db.dn.ukrtelecom.ua";
    allow-query { all; };
    allow-transfer { 195.5.18.2; };
};
<<клиентские зоны>>